The invention relates generally to the field of personal computing and
networking. Specifically, it relates to the new and evolving field of

the Internet, or to a network or Internet service provider
(ISP), to gain access to applications which are then executed on the
desktop computer. More specifically, the invention relates to
server based storage of software preferences (configuration data) for
software retrieved from a server and executing at the desktop computer.

The field of network computers is presently in its infancy. 

It is expected to evolve rapidly, especially in the corporate

this new stored and administered software 

eQ uipped computers and locally * envir onment, a user can be 

applications. For example in*, corpo ^ ^ ^ 

connected to a corporate intr "^™; of tware applica tions as they are 
protocols of the internet, and download software «yy 
"del directly from a network server to the desktop computer. An 

ficat on is executed on the desktop in the traditional manner by the 
application is execu of this configuration is that 

u£e r to perform usefu! work, f ^^^^ ive than tradit ional disk 
network computers - ~ ti ^ f . ^ reQuired 

eq r r if c — u r- i: — ^ ^^1 

To"! o software for each user, certain!*, the software administration 

17 = .hat attend iarce numbers of corporate users will be 
Tbs r t i 1 V rerced. L the present time, each user of a disk eouipped 
substantially effectively his or her own system 

colter or wor station t ct^ ^ „ 1>ck 

.dmanx.tr.tor. a ro e that livB „ t .,. ro eliminate this 

°' * of loading the probie, to a small numoer of server 

problem by effect, ey stru9 gle with the 

^1^^ ^aL. upgrades and computer administration. 

As mentioned above, this vision of the future of personal computing
is at present in its infancy. As a result, there are presently many
problems and deficiencies with existing systems.

Typically, in network computer systems, an administrator creates
user profiles that are stored on a network server. The profiles may
contain different types of information, such as user desktop preferences
and user permissions for access to different software applications that
might reside on the server. When a user logs onto the system, the user
identifies him or herself to the server, the server locates the profile
for the user and transmits it to the user computer where it is used to
configure the computer and generate a desktop. The desktop might include
a number of icons representing applications to which the user presumably
has access. The profile likely also contains other attributes of the
computer and desktop, such as for example, the background colour of the
desktop, or character fonts and point sizes used on the desktop, or data
file search paths, etc. that are unique to the user. The profiles may be
user modifiable or non-modifiable.



In an environment in which users can modify their own profiles, a
modified profile is uploaded back to the server at log-off time, where it
is stored for retrieval the next time the user logs on. In some prior art
systems, to the best of our knowledge, the users can generate on their
desktops any configuration of application icons they wish, whether or not
they exist on the server, and whether or not a user actually has access
permission to an application on the server. The Lotus Workplace Desktop
(previously called Kona Desktop) system is an example of this type of
operation. In other systems, the server presents a list to the user of
all applications that the server has, from which the user can pick. In
this case, there is no guarantee that the user actually has access
permission to an application that is selected from the list for inclusion
on the desktop. The Sun Hot Java Views system is an example of this type
of system. In other words, the prior art systems do not correlate between
what the user can configure for the set of desktop application icons and
applications to which the user actually has permission access. In such a
case, when the user clicks on an icon to execute an application, an error
message may occur (such as an unauthorized access message) if access
permission is not present, or in a worse case, the user's computer may
crash.

Another limitation with existing art is that a flat data structure
is used to model users, user groups, terminals and groups of terminals.
Modeled after a common scheme for managing user access to computer
resources, known network computer implementations (e.g., Lotus
Administration Facility for Desktops, Microsoft Windows NT Profiles and
Policies, and Sun Hot Java Views) implement a flat 'groups' structure on
the server for managing software preferences (or attributes) in various
contexts. A 'context', as used here, refers to an individual user, user
group, terminal, or terminal group. Any grouping structure for
managing software preferences on the server allows an administrator to
:™refe attributes for different g roups of users as well as for 

individual users. However, flat systems are inflexible in many

ZLs especially in environments having large numbers of users. 
It is desirable to provide an administrative tool supporting the
organization of preference information into a hierarchical structure.

Another limitation with existing systems is that they are limited in
the ways that administrators and users have to perform user configuration
the ways tna example, administrators are presently 

context of a group of users. 

Still another limitation in the prior art known to the inventors is 

the manner in which the prior art

„„ S rantee that a unique space is resexveu 
space to guarantee wot * ,.,^ e ~ the server. To the 

*. a 4-^ rhP different applications on tne sex vex 

fhat ?nniies to a venaor and by tnen navxny 
Tri "e a s ' . secona aesignation relative to the first 

"I \or\ach v.„aor - — »■ — - 

the aepgnation «»ao rt » the first ™ or which 

mipranteed to be unique within the architecture 
ae sl „»."on ' 7 lils . The seco „a authority at venaor A then 

" S,9 " S " C °^ ZZle, one of venaor V . applications might be 

rea™enao™ mother might he aeeignatea 

„c ;«pa the unigue aesignation for "* ^""^'J^'".,.^ 
location in permanent storage of the system to guarantee that preferences
for the different applications do not collide in storage. An
application, when running, informs the network computer server of its
unique storage location and it is the responsibility of the server to
partition an area at the starting location according to a context (user,
user group, terminal or terminal group) for storing preference
information so as not to collide with preference information in a
different context. Clearly, this manner of administering storage space is
awkward and undesirable. It is desirable to devise a method to
automatically generate unique storage locations for storing preference

"r^no :: e the afore mentioned ° bje — - ^1^3. 

resorting to the requirement of having central authorities assign unique
designations for the purpose of preventing collisions in the storage of
preference information and without coding storage location information
into an application.

Still another limitation in the art lies in the lack of any
provision to migrate existing applications and hardware into the new
environment of the centrally managed network computing world without
requiring changes to the existing hardware and applications. Existing
hardware, a terminal for example, in a networked environment, gets its
configuration information at boot-up time from a file in a specific format
located on a server. The terminal is programmed to know how to access its
configuration file. The terminal uses a unique identifier to access the
file from the server. The unique identifier is often the media access
control (MAC) address of the terminal. However, in a new centrally
ZZT TTT" living Protocols and API's that are different from 
that to which the terminal is designed, the terminal cannot access
preference information in the new environment; the terminal can only
access its configuration file in the way for which it is designed. This
is a serious problem, because there are many such existing devices in use.
The inability to use them in new systems impedes substantially the
incentives for users to migrate to the new systems.

Still another limitation in the prior art concerns the interface
between an administrator and the configuration management system. When
configuring software within an administration facility to configure

L e'milaf f0rmatl0n ^ ^ ™' ' 

and terminal groups, the administration software launches in the context
(user, user group, terminal or terminal group) set by the administrator

That h rUnn T f3Cility - WhSn changes the context 

that the application is running under, the application needs to be
relaunched to load configuration information for the new context. The
process of relaunching software each time a context is changed is time
consuming and inconvenient for an administrator, especially in systems
with many users. In such systems, it is expected that an administrator
will change contexts many times while configuring an application 
- me asoect the invention provides, in a network system
According to one aspect, the pldralit y of user 

. network interconnecting a server anu ^ 

comprising a network stations from the 

server, wherein the serve f „, th , r stores access permissions for 

downloading to use, : ststron nd orther^ ^ ^ ^ 

the applications for each user, • identifier from a user 

« the server . ~ t no udin, . - ^ 

station; using th rdent f. „ the stati on the 

the user has access permission, permissions, and displaying on 

epplic.tions for which ^ "" ^J£Z£» to each application in th. 

* -"""a - ™.« -in, operative to revest a 

U^o. -corresponding application to th. user station. 

,ond aspect the invention provides, in a network 
According to a second aspect, tn plura lity of 

syst em comprising a network ^^^slojs l the user stations 
US er stations, an - = ^ ™ £or receiving at the 

from the server, said apparatu p ident ifier from a user station; 

server a log-on request including a user ^* applicat ions for which 
me ans for using the identifier : tc > b 1 a ^ « ^ ^ fitation the 
the user has access permiss on. means f o permissio ns .• and means 

U.t of applica ^ons for -ch the e to eac h 

for displaying on * ^"^^^ wne n selected by the user being 
aPPUCati ^:: S of the corresponding application to the 

operative to request 
user station. 

..cording to a third aspect, the ^"^Z^Z- ™ 
progra. product stored in a --—^ Rising > ~~ «* 
on , computer, carrying out in a netwo V & q£ 

interconnecting a server an a P «1 «y the 5erver 

managing desktops on the user downloading to user stations, 

stores a plurality of user applications f ons £or each user. 

„d further stores access permiss - ^ £ server . 10 ,. on r . g „ese 

••» — 3 """i^i": frim a user station; using the iaentifi.r tc 
including, a user identu access permission; 

ball d a list of aPPi™* «« plications for which the user has 

application to the user station. 

scribed herein provides a common repository for 
The system described here e ... ^ client- server 

concentration information for users and applets 
it is not intended " iL t h L aSS ™ ea " ^ aPD1 " S - •

10 Preferences for t e „ T 7 "° n m * JaV * 

»ight be hsndlea in the „ ay aescrib.d herein. PPletS 

ThS i " vention s ° lv " the problem whereby a user is abje ,„ 
his or her desktop so as presumably to be able to 1 to confrere 

the server when in f,„ .v. . access an application on 

aooess the appi i c, t i »" ' „ h t 2? ™\Z ^ — °» «- 

identifies him or herself to th^Mr^r ^ ^3 o Vs^ l^L 
and a password. The server uses thi- identifier 
« ? t of applications to whioh Z^^^Z T^T^TlU 

is transmitted to the userq cf^^. ^ C Ilst 

a portion of the J^T^ -J- - - 

applications to which the user has access permission. Preferably the 
folder is composed of a number of application icons each
corresponding to a different application and which may be selected by the
user to launch the associated application. Associated with each
application in the list are parameters necessary for .hi 

z ----- 

>0 .set modify., the des.ot Z 

be where the user copies an BDB , lr * ° rS COnUn ° n case mi ^ ht 

fro, the list fro, thrjenLated fold" ^ ^ *" ^^ C ^ —rated 

S then lo 9 s off. when th u Se og f £ ~ ° f - 

j.ogs ott, or otherwise saves hi* o-r v,^ 
pre erences for the desktop via any methoa the system miaht Provide the 
copieo icon is saved to thp co™^ - p u 1Qe ' tne 

conjured for the us r „h n usl latTlc'" °* 
oopiea icon is reproduced on the desktop not ""^ ' 

0 oeneratea list ,o f accessible „~ s" art'or™" 1 " 

. the user . 9 . 1Mt the application permissions present on the server 



If a 
oser >as in = lu aea „ appue.tion jr^J^^^^Sa

does not have access permission, then the object a 

SI "ne aesstop oMeet that is tall. W the — « " time . 

0 „: vp<! a user log-on identifier from the user, 
server receives a user 1 g ations for whi ch the user has 

the identif ler to buil . ^ f is then download ed to the user 
access pe™, • * J between the u£ er and the user's station, 

station to control the interia aDD iications to which 

Th e server eiso ao-O-d. ~ U'r^ Use to -na a 

the user has access permission. Tne u ^ 

is removed from the desktop. 

Fig. 1 shows an illustrative network and user stations, including an
administrator's station, in which the invention can be practised;

2 shows an iuustrative hioe* ^ components of 

q station in communication with a server, dno 

profile management and preference administration; 

zz s z: r; t r^> — . - tml », ^ — 

these are omitted for simplicity; 

Fig. 4 shows one illustrative listing of individual users and the
group priority order that is used to determine a set of preferences from
the hierarchical organization of Fig. 3 that apply to a user and a
specific application executed by the user;

Fig. 5 shows a more detailed view of the administrator's station and
server of Fig. 2;

Fig. 6 shows an illustrative view of the software objects at a
user's terminal, including a user application and the API between the
application and other components, that cooperate to establish the user
preferences during execution of the application at the user's terminal;

Figs. 7 through 8 show illustrative operations at both a user's
terminal and a server for user log-on and initially establishing the
user's desktop, including desktop preferences, at the user terminal;

Figs. 9 through 11 show illustrative operations at both an
administrator's terminal and a server for administrator user log-on,
establishment of the administrator's desktop, and, by way of example, the
selection of an application and a context for configuration; the example
also illustrates a context change during configuration of the user's
desktop and the resulting operations; and

Figs. 12 through 24 show a variety of actual administrator screen
snapshots in various phases of application administration, including the
building of a hierarchy of which Fig. 3 is a representation of an
example, the creation and deletion of users, etc., the establishment of
application preferences for applications, and context changes during
preference establishment.

The system described herein provides a common repository for
configuration information for all users and applets in a client-server
environment. This is referred to as client profile management. The
system allows users to roam, that is, to log-in from any computer in the
system at any time and have it configured automatically at run time
according to the preferences stored at the server. The preferred
embodiment is a Java (Java is a Trademark of Sun, Inc.) based system and
the client computers use a web browser interface arranged to execute Java
programs.

The terms 'applet' and 'servlet' are established terms in the Java
programming language art and will be used herein, since the terms have
meaning to those skilled in this art. 'Applet' refers to an independent
software module that runs within a Java enabled web browser. 'Servlet'
refers to a software module that resides on a Java enabled web server. It
is to be understood that the use of the terms 'applet' and 'servlet'
herein is not intended to limit the invention in any way. For
clarification, the phrase 'configuration applet' is used herein to refer
to a software module used to configure preferences for an end user
software application such as a word processor, a database manager, etc.
Since software applications are also 'applets' in the Java environment,
the phrase 'user applet' or just 'applet' is used herein to refer to an
end user application.

In the preferred embodiment, user applets and the desktop applet
are assumed to be Java applets. However, it is understood that the
invention is not limited to a Java environment. The invention can be
used in any client-server system. For example, if desired, the system
could be designed to use proprietary communication protocols and
applications written and compiled in any desired programming language.
Further, even in the preferred Java based environment, disk-based
computers might access some applications locally, and other applets from
the server. Preferences for the locally stored applications might be
stored locally in the traditional manner, while preferences for the
server-based applets might be handled in the way described herein.
Preferably, however, preferences for locally stored applications are
stored on the server using the Profile Management Properties API in
addition to the preferences for server based applets described herein.

A simple Application Program Interface (API) allows applets written
to the API to easily store and retrieve preference data when the applet is
executed by a user or administrator. Applet permissions and user
preferences can be defined based on group memberships and individual
identity.

Client profile management includes the following services:

Log-on support - mapping to a user profile;

User support - the administrative ability to create user identifications
and provide services and preferences directly to users;

User groups support - the administrative ability to create hierarchical
groups of users and provide services and preferences based on group
memberships;

User applet context transparency - automatic determination of the context

user cpy , determination of the user and/or 

establishment of the profile environment; 

User applet preferences repository - context-sensitive server storage for
user applet configuration data;

Dynamic user applet preferences inheritance - hierarchical load-time
coalescence of user applet preferences via the object-oriented principle
of inheritance; and

User applet access control - control of user applet execution based on
group default membership privileges. The administrator can override
default group privileges and permit or deny additional access privileges
for individual users.

Profile management provides a framework through which these tasks
are performed. Some tasks are supported by profile management directly,
e.g. user/group management, applet lists, context switching, preference
inheritance, etc., while configuration services specific to user applets
are usually supported by separate configuration applets invoked by a
system administrator within the client profile management environment.
Some end user applets might provide the configuration capability as part
of the end user applet. If this is the case, the administrator can run
the end user applet (as opposed to a separate configuration applet) in the
context of individual users and groups to set the configuration
preferences for those users and groups.



Fig. 1 shows one high level view of an intended environment for
practising the invention. A network 100 is provided for interconnecting a
plurality of user stations, such as desktop personal computers 102, mobile
laptop computers 104, workstations 106 (e.g., RISC computers), an
administrator's station 108 and a server 110. In one embodiment, network
100 might be a local area network. In another embodiment, network 100
might include wide area networking for entities such as corporations that
have geographically displaced sites that are still included within the
system. There is no intent to limit the environment in which the
invention might be practised; indeed, a network of any type that
interconnects many types of stations is envisioned.

A high-level diagram of the profile management administrative
operating environment is shown in Fig. 2. An administrator client network
computer 200 is represented on the left of the Fig. and a server 202 for
the system is on the right. The client and server communicate via a
network represented as 203. The particular example of Fig. 2 assumes that
the client computer is a system administrator's computer.

Profile manager 206 on the client side allows the administrator to
configure user applet preferences at both user and group levels. The
administrator can create new users and group hierarchies, add users to
different groups, specify applet permissions for each group and for
individual users. And the administrator can configure applets in the
context of an individual user or a group. The administrator can add,
delete and reset passwords for users. Profile management support is
transparent to the general user. The administrator can invoke the profile
manager 206 in the context of any user or group. Only the administrator
can change from his/her context to administer clients (users) and groups.
The server will not allow a user without administrative authority to
switch context. When a request comes into the server, it will query the
authenticated ID of the user trying to access this function. If the user
does not possess administrative authority (i.e., is not a member of the
AllUsers.Administrator group), the Profile Manager Servlet 214 will
reject the request.
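
The server-side checks described so far (building the permitted list at log-on, dropping saved desktop icons the user may not run, and rejecting a context switch from a non-administrator) can be sketched as follows. This is an added example, not code from the patent: the class, method and map names are hypothetical, the sample data is constructed, and treating group permissions as a union with per-user denies taking precedence is an assumption.

```java
import java.util.*;

public class ProfileAccessControl {
    static final String ADMIN_GROUP = "AllUsers.Administrator"; // group named in the text

    // Constructed sample data standing in for the server's user/group database.
    static final Map<String, List<String>> userGroups = new HashMap<>();
    static final Map<String, Set<String>> groupApplets = new HashMap<>();
    static final Map<String, Set<String>> userPermit = new HashMap<>();
    static final Map<String, Set<String>> userDeny = new HashMap<>();
    static final Map<String, List<String>> savedDesktop = new HashMap<>();

    static Set<String> set(String... items) {
        return new LinkedHashSet<>(Arrays.asList(items));
    }

    static {
        groupApplets.put("AllUsers", set("App3"));
        groupApplets.put("AllUsers.GroupX", set("App4"));
        groupApplets.put(ADMIN_GROUP, set("ProfileManager"));
        userGroups.put("User1", Arrays.asList("AllUsers.GroupX", "AllUsers"));
        userGroups.put("admin1", Arrays.asList(ADMIN_GROUP, "AllUsers"));
        userPermit.put("User1", set("App5")); // administrator's per-user permit
        userDeny.put("User1", set("App4"));   // administrator's per-user deny
        // User1's saved desktop still holds icons copied in earlier sessions.
        savedDesktop.put("User1", Arrays.asList("App3", "App4", "App5", "App9"));
    }

    /** Group defaults, plus per-user permits, minus per-user denies (assumed model). */
    static Set<String> permittedApplets(String userId) {
        Set<String> allowed = new LinkedHashSet<>();
        for (String g : userGroups.getOrDefault(userId, Collections.emptyList())) {
            allowed.addAll(groupApplets.getOrDefault(g, Collections.emptySet()));
        }
        allowed.addAll(userPermit.getOrDefault(userId, Collections.emptySet()));
        allowed.removeAll(userDeny.getOrDefault(userId, Collections.emptySet()));
        return allowed; // unknown users end up with an empty set
    }

    /** Log-on: keep only the saved icons that are still permitted. */
    static List<String> desktopAtLogon(String userId) {
        Set<String> allowed = permittedApplets(userId);
        List<String> desktop = new ArrayList<>();
        for (String icon : savedDesktop.getOrDefault(userId, Collections.emptyList())) {
            if (allowed.contains(icon)) {
                desktop.add(icon);
            } else {
                System.out.println("removed from " + userId + "'s desktop: " + icon);
            }
        }
        return desktop;
    }

    /** Download request: re-checked on the server, since the icon list lives on the client. */
    static void requestDownload(String authenticatedId, String applet) {
        if (!permittedApplets(authenticatedId).contains(applet)) {
            throw new SecurityException(authenticatedId + " may not run " + applet);
        }
    }

    /** Context switch: decided from the authenticated ID, never from a request field. */
    static void switchContext(String authenticatedId, String targetContext) {
        List<String> groups = userGroups.getOrDefault(authenticatedId, Collections.emptyList());
        if (!groups.contains(ADMIN_GROUP)) {
            throw new SecurityException(authenticatedId + " lacks administrative authority");
        }
        System.out.println(authenticatedId + " now administering " + targetContext);
    }

    public static void main(String[] args) {
        System.out.println("User1 may run: " + permittedApplets("User1"));
        System.out.println("User1 desktop: " + desktopAtLogon("User1"));
        switchContext("admin1", "AllUsers.GroupX");
        try {
            switchContext("User1", "AllUsers.GroupX");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            requestDownload("User1", "App4");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Filtering the desktop at log-on is a usability measure; the check in `requestDownload` is what actually enforces the permission, because a client can present an icon the server never sent.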

Profile manager 206 invokes other applets, such as applet1 (208), as
shown in Fig. 2. In this example, applet1 might be the administrative
applet for configuring preferences related to user desktops. Or applet1
could be a configuration utility related to an end user applet, such as
editors, word processors, databases, etc. It is preferred, but not
required, that configuration applets such as 208 exist as modules separate
from their corresponding user applets. In the context of Fig. 2, Applet1
is typically a configuration applet for a user applet; the administrator
runs the configuration applet applet1 under a group context to set group
preference and permission defaults, or in a user context to customize user
applet configurations for an individual. By implementing applet1 as a
module separate from its user applet, performance is enhanced, since the
configuration applet1 will likely be small compared to the user applet.
Also, separate configuration applets allow the administrator to control
the end user's ability to configure the user applet.

Traditional stand-alone computers store user applet configuration
information locally in association with the user applet. Traditional
stand-alone Java based computers store user applet configuration
information using the format provided by the java.util.Properties class.
Both arrangements require that the user applet specify the name of a local
file in which to store configuration information related to the user
applet. In other words, a relationship is required between the computer
and the user applet loaded on it. Profile management as described herein
provides the familiar capabilities of a real java.util.Properties object
plus additional facilities supporting user-roaming capabilities and
seamless pluggability into a powerful administrative framework (the
Profile Manager).

ProfileManagementProperties P 210 is a properties object for applet1
and provides an API between Applet1 and the server that allows the server
to determine where to store configuration information for applet1 in the
context of users and groups. The ProfileManagementProperties object class
provides all of the functionality of the java.util.Properties class with
the further ability to create, save, and retrieve the
configuration information for software from permanent storage. Storing
such information in a central location makes management of user and group
configurations possible.

T,T "" Ser f ln r ° le ° f admini ""tor, ProfileManagementProperties 
210 allows the administrator to configure the user applet corresponding to
configuration applet1, or to configure applet1 if applet1 is an end user
applet, and store the configuration information in the proper place on the
server in the proper context. This allows the establishment of a
relationship between the user applet and the user, rather than between
user applet and computer as in traditional systems.

ProfileManagementProperties 210 is an extension of the
java.util.Properties class. The extension allows the key/value pairs of
preference information of a Properties object to be associated with a key,
as opposed to a stream, as with java.util.Properties. This, in turn,
allows application developers to use the key to specify a unique location
relative to a context for preference information, rather than a file name
and path. ProfileManagementProperties 210 determines the key
automatically. The generation of the key is discussed more in connection
with Figs. 8 and 9. By modelling ProfileManagementProperties 210 after
the java.util.Properties class, the system can take advantage of
preference inheritance through recursive class-default evaluation. Thus,
this extended class provides a "group default" capability by accumulating
preferences starting at a current context, as discussed with respect to
Fig. 3, and traversing up the contextual hierarchy for defaults.

Server 202 includes a database 212 that stores user data and group
data, such as user and group preferences and user applet access
permissions. Web server 218 represents a typical web server with support
for Java applets. Profile Manager servlet 214 maps user and group
identifications to preference data. It also maintains an access control
list to manage user access to applications on the server.

User and group preferences are stored as a tree hierarchy, as shown
in Fig. 3. Each user of the system automatically belongs to the top group
AllUsers. All users belong to the AllUsers group; this group contains the
default preferences for some or all user applets on the server. In Fig.
3, it is assumed that the server contains at least three user applets,
App3, App4 and App5. As indicated in the AllUsers group,
the default background (BG) for App3 is BG = blue. Other illustrative
preferences labelled x, y and z are shown to have default values of
1, 2 and 3 respectively. The terms x, y and z are intended to represent
any desired preference and the values 1, 2 and 3 are arbitrary and used
merely to illustrate the point. The x preference might for example be the
screen font for the desktop; the value x = 1 might call for a default font
of Times-Roman. Similarly, the default preferences for App4 for all users
are BG = grey, x = 2, y = 2 and z = 2.

The default values in the AllUsers group can be modified in any
desired way for other contexts, such as for other user groups and
individual users. By way of example, in addition to the context of
AllUsers in Fig. 3, four other groups (GroupX, GroupY, GroupY1 and
GroupY2) are shown. Additionally, two individuals User1 and UserN are
shown. Users can be members of more than one group. In Fig. 3, User1 is
a member of AllUsers, GroupX and GroupY1; UserN is a member of AllUsers
and GroupY2. If a user is a member of more than one group (another group
in addition to AllUsers), then the groups are prioritized for the purpose
of selecting the preferences for a given applet for that user. The
administrator configures the group priorities for a user. Group priority
is illustrated in Fig. 4. In Fig. 4, User1 has GroupX (identified by the
fully qualified name of AllUsers.GroupX) for his or her highest priority
group. User1's next highest priority group is GroupY1
(AllUsers.GroupY.GroupY1). User1's lowest priority group is the AllUsers
group. When a user, say User1, requests to run an applet, say App3, the
preferences are coalesced from the tree of Fig. 3 according to the group
or groups to which the user belongs and the user applet is configured on
the user desktop accordingly.

The first step in coalescing preferences for any context is to get the
defaults. The defaults for a user, if there are any, are the coalesced
set of preferences for the applet from the highest priority group from
which preference information for the applet can be obtained. The defaults
for a group, if there are any, are the coalesced set of preferences for the
applet from the group's parent (i.e., the AllUsers group is the parent of
AllUsers.GroupX). If a group has no parent (i.e., the top level AllUsers
group), there are no defaults for that group. To coalesce the preferences
for an applet at a context, the preferences for the applet explicitly
stored at the context overwrite the default preferences for the applet
for the context. Thus, to coalesce preferences into the default set for
an applet in a group context, recursive calls are made from each group
node up to the AllUsers group requesting each parent's set of preferences
for the applet. Refer to Fig. 3 for the following example. If the
context is AllUsers.GroupY.GroupY1, a call is
made to the parent of GroupY1, which is GroupY, requesting its default
preferences for the applet. GroupY makes a recursive call to its parent,
which is AllUsers. AllUsers has no parent, so AllUsers returns its set of
preferences for the applet to the call from GroupY. This set of
preferences is modified by the preferences stored in GroupY for the
applet, if any. This is now the default set of preferences for the applet
for GroupY1. This set of defaults is returned
to GroupY1 as a result of the recursive call from GroupY1 to GroupY and
is modified by the preferences at GroupY1 for the applet, if any

oDtamed for the user is used to first establish t->^ 1 

r uits wni be obtai - d - - ™r: ~ from 

described above is used to build the actual set of preferences for the
user and the applet requested by the user.
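
The coalescing rule above, with group defaults resolved by recursion to the parent and a user's defaults taken from the highest priority group that yields any, can be expressed with the default chain of java.util.Properties. This is an added example, not the patent's ProfileManagementProperties code: the Group and User classes are hypothetical, the App3 defaults, the priority order of User1 and the BG override for User1 are the values the text gives, and the App6 value is constructed.

```java
import java.util.*;

public class PreferenceCoalescing {

    /** A group context such as AllUsers.GroupY.GroupY1 (hypothetical class). */
    static final class Group {
        final String name;   // fully qualified name
        final Group parent;  // null only for the top-level AllUsers group
        // applet name -> preferences explicitly stored at this context
        final Map<String, Properties> stored = new HashMap<>();

        Group(String name, Group parent) {
            this.name = (parent == null) ? name : parent.name + "." + name;
            this.parent = parent;
        }

        Group store(String applet, String key, String value) {
            stored.computeIfAbsent(applet, a -> new Properties()).setProperty(key, value);
            return this;
        }

        /**
         * The parent's coalesced set is the default; preferences stored here
         * override it. Returns null when no group on the path up to AllUsers
         * stores anything for the applet.
         */
        Properties coalesce(String applet) {
            Properties defaults = (parent == null) ? null : parent.coalesce(applet);
            Properties local = stored.get(applet);
            if (local == null) {
                return defaults;
            }
            Properties merged = new Properties(defaults); // lookups fall back to defaults
            merged.putAll(local);
            return merged;
        }
    }

    /** A user context: groups in priority order plus the user's own preferences. */
    static final class User {
        final List<Group> groupsByPriority; // highest priority first
        final Map<String, Properties> stored = new HashMap<>();

        User(Group... groupsByPriority) {
            this.groupsByPriority = Arrays.asList(groupsByPriority);
        }

        User store(String applet, String key, String value) {
            stored.computeIfAbsent(applet, a -> new Properties()).setProperty(key, value);
            return this;
        }

        /** Defaults come from the first group, in priority order, that yields any. */
        Properties coalesce(String applet) {
            Properties defaults = null;
            for (Group g : groupsByPriority) {
                defaults = g.coalesce(applet);
                if (defaults != null) {
                    break;
                }
            }
            Properties merged = new Properties(defaults);
            Properties local = stored.get(applet);
            if (local != null) {
                merged.putAll(local);
            }
            return merged;
        }
    }

    /** Render every effective key, inherited ones included, in sorted order. */
    static String describe(Properties p) {
        StringJoiner out = new StringJoiner(", ");
        for (String key : new TreeSet<>(p.stringPropertyNames())) {
            out.add(key + "=" + p.getProperty(key));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Group tree and App3 defaults as described for Fig. 3.
        Group allUsers = new Group("AllUsers", null)
                .store("App3", "BG", "blue").store("App3", "x", "1")
                .store("App3", "y", "2").store("App3", "z", "3");
        Group groupX = new Group("GroupX", allUsers);
        Group groupY = new Group("GroupY", allUsers);
        Group groupY1 = new Group("GroupY1", groupY)
                .store("App6", "BG", "white"); // constructed value, not from the text

        // User1's priority order from Fig. 4, with the BG override the text gives.
        User user1 = new User(groupX, groupY1, allUsers).store("App3", "BG", "green");

        System.out.println("GroupX/App3: " + describe(groupX.coalesce("App3")));
        System.out.println("User1/App3:  " + describe(user1.coalesce("App3")));
        System.out.println("User1/App6:  " + describe(user1.coalesce("App6")));
    }
}
```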

The following examples illustrate the preference coalescence
and should be read in conjunction with Fig. 3.

Example 1: An administrator runs a configuration applet for App3 to
set preferences for the group AllUsers.GroupX.

To set the preferences for App3 in the context of AllUsers.GroupX,
the present set of preferences must be determined. AllUsers.GroupX
requests defaults from its parent AllUsers. Since AllUsers is the top
level group, it returns its preferences for App3 to GroupX. These are the
default preferences for App3 in the context of GroupX. Since GroupX has
no preferences for App3, the default set from AllUsers is the real set of
preferences to be used. In this example, these preferences from the
AllUsers group are: BG=Blue, x=1, y=2, z=3. The administrator

r:r s ::;d:L c :: fi9uration — to — - ™ ~ in 



20 



30 



Example 2: User1 requests execution of com.ibm.App3. Preferences must be
coalesced for com.ibm.App3 in the context of User1.

Fig. 4 shows that the highest priority group for User1 is GroupX. [...]
will be checked first for preference information pertaining to App3.
From here [...] essentially the same as example 1 above, except that the
coalesced set of preferences is used to configure App3 on the user's
workstation. [...] the BG=Green preference stored in the User1's context
for App3 overrides the [...] preference obtained [...]

Example 3: Coalescing preferences for com.ibm.App6 in the context of
User1.

This example illustrates the situation of the highest priority group
containing no coalesced preferences for the context of User1. Again, the
highest priority group for User1 is GroupX. This group and its parent
AllUsers contain no preferences for App6. Therefore, the next highest
priority group is searched. The next highest priority group for User1 is
GroupY1. A set of preferences can be obtained from this group for App6.
The coalescence of preferences proceeds as described in example 1.
Recursive calls are made from GroupY1 up the tree to the root AllUsers
group and the preference sets are returned back down the recursive calls
and modified along the way to form the default set. The default set is
then modified with the preferences stored in GroupY1 to form the
coalesced set of preferences that apply to this context. Stated briefly,
AllUsers returns a null set of preferences, since it has no preferences
for App6. GroupY modifies this null set with the values a=1 and b=2 and
returns this set to GroupY1 as the default set. GroupY1 modifies the
default set with a=33. This set is returned to the User1 context for use
as its default set. Since there are no preferences for App6 stored at the
User1 context, the defaults obtained from the GroupY1 branch of the
preference tree represent the fully coalesced set of preferences for App6.
The real set of preferences thus becomes a=33, b=2 for this context.

The above 3 examples described the gathering of preferences in
response to a load() for a particular piece of software. When preference
information is saved for a piece of software, any preferences that have
been explicitly written at the Context being saved to will be written to
the data store (212) at the location specified by the combination of the
Context the software is being run in and the key for the software whose
preferences are being stored.

Permissions operate similarly: a new group has access to all the
applet names permitted by the group itself as well as to all applets
permitted by its supergroups. However, just as Java allows the programmer
to override a superclass method, Profile Management allows the System
Administrator the ability to override an inherited permission. This is
called overriding a permission.

As with Java's form of inheritance, Profile Management's form of
preferences and permissions inheritance is called single inheritance.
Single inheritance means that each Profile Management group can have only
one supergroup (although any given supergroup can have multiple
subgroups).

Profile Management users (leaf nodes) may require membership in
multiple groups, so a facility is required to limit preference inheritance
to a single hierarchical group to minimize the chance of corrupt
configurations due to the introduction of incompatible variable subsets
introduced by cross group branch coalescing. By allowing a user's group
memberships to be prioritized, profile management can follow a search
order when looking for preferences related to a particular applet. In
other words, starting with the group with the highest priority, the search
will stop at the first group found to contain configuration data for the
applet attempting to load its preferences.
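
The recursive coalescing rules of Examples 1 to 3 and the priority-ordered group search just described, as an added Python sketch (not code from the patent). The dictionary store, the function names and the order of User1's memberships are assumptions; the preference values are the ones the examples use.

```python
# Constructed data store keyed by (context, applet key). The values mirror
# Examples 1-3; the layout of the store itself is an assumption.
STORE = {
    ("AllUsers", "com.ibm.App3"): {"BG": "Blue", "x": "1", "y": "2", "z": "3"},
    ("User1", "com.ibm.App3"): {"BG": "Green"},
    ("AllUsers.GroupY", "com.ibm.App6"): {"a": "1", "b": "2"},
    ("AllUsers.GroupY.GroupY1", "com.ibm.App6"): {"a": "33"},
}

# User1's group memberships, highest priority first (as in Examples 2 and 3).
USER_GROUPS = {"User1": ["AllUsers.GroupX", "AllUsers.GroupY.GroupY1"]}


def parent_of(group):
    """Single inheritance: the parent is the dotted name minus its last part."""
    head, sep, _ = group.rpartition(".")
    return head if sep else None


def coalesce_group(group, key, store=STORE):
    """Recurse up to AllUsers, then let each level overwrite its defaults."""
    parent = parent_of(group)
    defaults = coalesce_group(parent, key, store) if parent else {}
    merged = dict(defaults)
    merged.update(store.get((group, key), {}))
    return merged


def branch_has_data(group, key, store=STORE):
    """True if the group or any of its ancestors stores data for the key."""
    while group:
        if (group, key) in store:
            return True
        group = parent_of(group)
    return False


def coalesce_user(user, key, store=STORE, memberships=USER_GROUPS):
    """Defaults come from the first group, in priority order, whose branch
    yields preference information; the user's stored values overwrite them."""
    defaults = {}
    for group in memberships.get(user, []):
        if branch_has_data(group, key, store):
            defaults = coalesce_group(group, key, store)
            break  # stop at the first hit so branches are never mixed
    merged = dict(defaults)
    merged.update(store.get((user, key), {}))
    return merged


if __name__ == "__main__":
    print(coalesce_group("AllUsers.GroupX", "com.ibm.App3"))  # Example 1
    print(coalesce_user("User1", "com.ibm.App3"))             # Example 2
    print(coalesce_user("User1", "com.ibm.App6"))             # Example 3
```

Because the search stops at the first branch that holds data, adding a single App6 value to GroupX would hide the GroupY1 values from User1 entirely instead of merging with them.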

A user inherits software permissions from group memberships. With
careful enterprise modelling, the administrator can assign software access
to many users without having to navigate through panels, one user at a
time. Profile management controls access by programming the web server
to permit / deny access to applets. The web server enforces the access
control. The profile manager servlet is also protected by the web server
requiring user IDs and passwords to be passed to the web server for
authentication purposes. It is standard browser functionality to prompt
for user passwords as required.

Fig. 5 shows the system of Fig. 2 in more detail. Configuration applet
Applet1 is invoked by the administrator within the profile management
framework. Applet1 may implement the application program interface (API)
515 for querying information about its operational environment (e.g.,
query context, context changed events, query access control list for this
context, etc.) to integrate tightly within the profile management
framework, but this is not a requirement for a configuration applet. In
any event, the designer of applet1 need only understand the basic API
methods: enablePersistence(), load(), and save() in addition to the basic
methods of a java.util.Properties object used to get preference
information into and out of a java.util.Properties object. API 515
additionally provides list() and getContext() methods. Applet1 need only
register with the ProfileManagementProperties class and call these
methods as appropriate. The load() method can be called to retrieve the
present state of preferences for the user applet being configured in the
context of a user or group selected by the administrator. The
administrator can then modify the preferences as desired and store them
using the configuration save functionality provided by the applet (which
uses the save() method of its ProfileManagementProperties object).
Similarly, if applet1 needs the list of user applets authorized for access
by a user, it can use the list() method to obtain the list from the
server. The getContext() method can be used by the applet to display the
name of the context that it is running in or even to ensure that it only
runs in a certain context (i.e., if an applet wanted to configure a
service on the server using the export agent, it might only allow itself
to be run at the AllUsers context since the configuration being exported
is server specific as opposed to user specific). For applet1 to run in
the profile management framework, all that is required is for the applet
to register with ProfileManagementProperties 410 and implement the
ProfileManagementProperties class, an extension of the
java.util.Properties class.

The profile manager 506 also provides a context change API 516 for
configuration applets. Applet1 may implement a context change event
listener 512. The API 516 and the event listener 512 allow the
administrator to change contexts (user or group) while running the
configuration applet, without having to stop and restart it. For example,
when configuring applet user preferences, the administrator will likely
change contexts many times during the configuration. If the configuration
applet is registered as a listener to such events, profile manager 506
will notify it of a context change via API 516. This allows applet1 to
refresh its preferences from the server for each new context. Without the
event listener API, applet1 would have to be terminated by the
administrator and restarted after a new context has been selected to
reference the existing preference information for the new context and
avoid being stopped and restarted by the Profile Management applet. To
register, applet1 calls a method on its properties object
ProfileManagementProperties 510, i.e., addContextChangeListener (API 516),
to register itself. When the administrator sets a new context, profile
manager 506 performs a set context call (API 516) to object 510, which in
response calls the reload method (API 516) on event listener 512. Event
listener 512 now performs a load properties call to its properties object
510 to get the new preference data from the server for the new context,
and causes applet1 to update its GUI and internal variables to reflect the
new preference information.

The above functionality avoids the possibility of a network
administrator reading data from one context, changing context, and
accidentally overwriting with a save() when intending to load() before
making configuration changes in the new context.

Applets that do not register as listeners will be stopped,
destroyed, reloaded, and restarted by the profile manager applet when the
administrator forces a context change.
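
An added Python sketch (not code from the patent) of the context change flow described above, showing the stale save() that the reload notification prevents. The class and method names are hypothetical analogues of the objects the text names, the data is constructed, and load() here returns only the values stored at the context rather than the coalesced set.

```python
class PreferenceStore:
    """Stand-in for the server-side data store, keyed by (context, key)."""

    def __init__(self, data):
        self.data = {k: dict(v) for k, v in data.items()}

    def load(self, context, key):
        return dict(self.data.get((context, key), {}))

    def save(self, context, key, prefs):
        self.data[(context, key)] = dict(prefs)


class ManagedProperties(dict):
    """Hypothetical analogue of the properties object (510 in the text)."""

    def __init__(self, store, key, context):
        super().__init__()
        self.store, self.key, self.context = store, key, context
        self.listeners = []

    def add_context_change_listener(self, listener):
        self.listeners.append(listener)

    def load(self):
        self.clear()
        self.update(self.store.load(self.context, self.key))

    def save(self):
        self.store.save(self.context, self.key, self)

    def set_context(self, context):
        # Called by the profile manager when the administrator picks a new
        # user or group; every registered listener is told to reload.
        self.context = context
        for listener in self.listeners:
            listener.reload(self)


class ConfigApplet:
    """Configuration applet that may or may not register as a listener."""

    def __init__(self, props, listen):
        self.props = props
        if listen:
            props.add_context_change_listener(self)
        props.load()

    def reload(self, props):
        props.load()  # fetch the new context's values before any edit

    def edit_and_save(self, name, value):
        self.props[name] = value
        self.props.save()


def switch_edit_save(listen):
    """Load at AllUsers, switch to GroupX, change x, save; return what is
    then stored for GroupX. The applet is left running in both cases."""
    store = PreferenceStore({
        ("AllUsers", "com.ibm.App3"): {"BG": "Blue", "x": "1"},
        ("AllUsers.GroupX", "com.ibm.App3"): {"BG": "Green"},
    })
    props = ManagedProperties(store, "com.ibm.App3", "AllUsers")
    applet = ConfigApplet(props, listen)
    props.set_context("AllUsers.GroupX")
    applet.edit_and_save("x", "9")
    return store.load("AllUsers.GroupX", "com.ibm.App3")


if __name__ == "__main__":
    print("listener:", switch_edit_save(True))
    print("no listener, not restarted:", switch_edit_save(False))
```

The second call models an applet that neither listens nor is restarted: the values it loaded at AllUsers are written into GroupX, replacing BG=Green. That is why the framework stops and restarts applets that do not register.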

The profile management also provides a "properties export" service
to allow the easy retrofitting of existing hardware and software into this
profile management environment. The properties export service allows
profile manager 514 to support user workstations (the physical hardware)
as well as users, groups, and user applications. Since existing
workstations do not know about ProfileManagementProperties 510, the export
service allows workstation vendors to create workstation-configuration
applets that specify an export agent 520 to be invoked on the server
when the vendor applet saves its preference information. The export tag
causes an instance of a vendor-supplied class (the export agent 520
object) to be created and the export method to be invoked on the object to
specify that workstation configuration information be saved in whatever
proprietary file format and/or file location(s) that are required by the
workstation being configured.

Assume that applet1 is the configuration applet provided by a vendor
for an existing terminal that is incompatible with the present profile
management system. The vendor also supplies export agent 520. An
administrator can configure the terminal for operation in this system by
running profile manager 506, setting the context to the terminal being
configured, running the vendor supplied configuration applet1 and
configuring the applet. When the administrator saves the configuration,
part of the information that is transmitted to the server is a unique
identifier that identifies the terminal being configured. Typically, this
is the Media Access Control (MAC) address of the terminal. Profile manager
servlet 514 detects that an export agent is specified on the save. Profile
manager servlet 514 detects this from one of the preferences being saved
that specifies need for the export agent. The preference specifies the
export tag in the form of a key value pair of

XXXXEXPORT_AGENTXXXX={fully qualified class name of export agent}

The Export Agent's export(Context context, config properties) method
is called by the profile manager servlet 514 to create one or more files
522 on the server from the saved preferences information. The specific
file or files are identified by the unique identifier of the terminal that
came with the properties information from applet1. When the terminal
later boots up, it uses its unique identifier to locate and retrieve its
configuration information from files 522 on the server in the same manner
that it always did, independent of the profile management system.
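
An added Python sketch (not code from the patent) of the save path with an export tag, written with two server-side checks the text does not describe: agents are resolved through a fixed registry instead of loading whatever class name arrives, and the terminal identifier is validated as a MAC address before it becomes a file name. The agent class, its output format, the registry and the sample values are all hypothetical; the tag name follows the key value pair shown above.

```python
import re
from pathlib import Path

EXPORT_TAG = "XXXXEXPORT_AGENTXXXX"  # tag name as given in the text above
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-]?[0-9A-Fa-f]{2}){5}")


def normalize_mac(value):
    """Return the MAC as 12 lowercase hex digits, or reject the value."""
    if not MAC_RE.fullmatch(value):
        raise ValueError("terminal identifier is not a MAC address")
    return re.sub(r"[:-]", "", value).lower()


class TerminalExportAgent:
    """Hypothetical vendor agent writing a 'name value' file per terminal."""

    def export(self, context, props, out_dir):
        path = Path(out_dir) / (normalize_mac(context) + ".cfg")
        lines = [f"{name} {value}" for name, value in sorted(props.items())]
        path.write_text("\n".join(lines) + "\n")
        return path


# Registry of agents the server operator has installed (assumption). A class
# name that is not listed here is refused rather than instantiated.
AGENTS = {"com.example.TerminalExportAgent": TerminalExportAgent}


def save_preferences(store, context, key, prefs, out_dir):
    """Store the preferences and, if the export tag is present, run the
    named agent. Returns the exported file path, or None without a tag."""
    prefs = dict(prefs)
    agent_name = prefs.pop(EXPORT_TAG, None)  # tag is not stored (a choice)
    agent = None
    if agent_name is not None:
        agent_cls = AGENTS.get(agent_name)
        if agent_cls is None:
            raise PermissionError(f"export agent not registered: {agent_name}")
        normalize_mac(context)  # reject bad identifiers before any write
        agent = agent_cls()
    store[(context, key)] = prefs
    return agent.export(context, prefs, out_dir) if agent else None


if __name__ == "__main__":
    import tempfile
    out = tempfile.mkdtemp()
    saved = save_preferences(
        {}, "00:A0:C9:14:C8:29", "com.example.TerminalConfig",  # constructed
        {"baud": "9600", EXPORT_TAG: "com.example.TerminalExportAgent"}, out)
    print(saved.name, saved.read_text(), sep="\n")
```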

Figure 6 illustrates an applet2 running on a client computer.
Applet2 might be an end-user applet such as a word processor. In any
event, applet2 has access to some of the same API methods as shown at 515
of Fig. 5 if it desires. Applet2 uses the load method to retrieve
preferences and the save method to save any preferences that might be
changed by the end user. EnablePersistence initializes the Profile
Management Properties object for applet2 with context equal to the user
and generates the unique key for identifying the preference information
storage location on the server, as described above relative to the
administrator.

Fig. 7 shows the situation of a user bringing up his or her desktop.
The user on the client (700) points his or her web browser at the URL of
the desktop applet on the server and at step 70[...] sends a message
(http://server/Desktop.html). Since Desktop.html is a file that the
[...], a challenge is sent back to the web browser on the client at
[...]. The web browser on the client responds by prompting the user for a
user ID and password. The client then sends the user ID and password
[...] to the server at 708. The user ID and password are shown in [...]
708 of [...] to illustrate that this information is passed by the web
browser itself. This type of nomenclature is used in other places to
illustrate the same thing. Since, presumably, the user has permission to
run the desktop applet, the request will be honoured.

There are a series of interactions between the client and the server
[...] where the code for the desktop applet is loaded to the client
[...]. The desktop object is created and begins to execute at [...]. The
desktop object needs its preference information (i.e., configuration
information) so it can [...] 714 which is used to load, get, cache, set,
[...] copy of the user's preference information from the server for the
desktop applet. The desktop object then performs an API [...] desktop
applet that was loaded from the server [...] name, which is the ID of the
user, and a [...] user from the request [...]. The profile manager
servlet [...] that specifies a unique location in the database 212 for
storing the specific preference information for the desktop applet. Any
desired [...]

[...] Desktop applet. The context and key are passed as part of the
request 720 [...] requested preference [...] servlet 214 responds with
the requested preference information at 722, which is cached in the
ProfileManagementProperties object P 604.

Continuing on at Fig. 8, at 800 the Desktop object reads its
preference information out of its ProfileManagementProperties object P
and begins to update the desktop accordingly (i.e., it might set the
screen colour to blue, get information about the position of icons, etc.).
The desktop object calls a method on its ProfileManagementProperties
object P to get a list of the software [...] permission. The
ProfileManagementProperties object P requests the information at 802 from
the profile manager servlet 214, which generates a response with the
requested information at 804. For each such applet to which the user has
access, the information includes a user friendly name [...] of the icon
[...] applet [...] (information that is [...] desktop [...] represent the
applet [...] the desktop [...] and to load and launch it), and other
optional material which is not relevant to the invention. This information
is stored in the ProfileManagementProperties object P, and returned to the
desktop object. At 806, the desktop object uses the applet information to
build a folder for the applets and to generate a window displaying the
icons and the user friendly name for each applet to which the user has
access.

[...] that [...] previous run of the desktop by the user, the user
dragged and dropped the icons for some of the software displayed in the
folder that was just described. It is possible that [...] to the applets
that were dragged and [...] objects [...] part of the user's preferences
that were saved during the last run and would still be displayed on the
desktop. To avoid this situation, the desktop examines its preferences
from its ProfileManagementProperties object P to check for applets that
are configured to appear outside of the window that is generated to
display all applets to which the user has access. Fig. 8 assumes that
there is only one applet outside of the [...] that is generated. If there
are more than one such applet outside [...] applet window, [...]
following procedure would [...] looped for each such applet. At step 810
the desktop checks each of these applets appearing outside of the applet
window against the list of applets from the server to which the user has
access. If the applet appears in the list, the icon for the applet is
placed on the desktop at 810 in the same position as before. If the user
no longer has access to the applet, [...] from the desktop's preferences
[...] step 814 and removed from [...] ProfileManagementProperties object
P. If any applets are removed [...] part of this process, the desktop
tells the ProfileManagementProperties [...] to save the preferences at
step 816. The ProfileManagementProperties object P sends a request 818
with the [...] key and context information to the profile manager servlet
[...] to save the new preferences information in the database [...] sends
a response 820 to the ProfileManagementProperties object P [...]
ProfileManagementProperties object P that the request was successfully
completed.

Fig. 9 illustrates the situation of an administrator running a
configuration applet [...] configuration of terminals or groups of
terminals. [...] administrator on the client [...] browser to the URL of
the profile manager applet 214 on the server [...] is to be run. The URL
is sent to [...] server at 904. Since ProfileManager.html is a file that
the server protects, a challenge 906 is sent back to the web browser on
the client [...] by prompting the [...] with the user ID [...]
information included in the message [...] created and begins to execute
at step 912.

A ProfileManagementProperties_nonContextFloating is used by the [...]
instead of a normal ProfileManagementProperties object. [...] user
group, for which the administrator is configuring.

The profile manager object needs its preference information (i.e.,
[...]). The profile manager object then calls [...]
enablePersistence(profileManagerObject [...]), which in step 1 of 916
initialises the ProfileManagementProperties_nonContextFloating object
P_NCF with the URL of the profile manager servlet 214. This URL is derived
from the URL of the profile manager applet. The
ProfileManagementProperties_nonContextFloating object P_NCF sends a
request 918 to the profile manager servlet 214 to get the context name
(ID) of the administrator and the context type (USER). The profile manager
servlet gets the ID of the administrator from the request (918). The web
browser passes the administrator ID and password in the message along with
the information sent by the ProfileManagementProperties_nonContextFloating
object P_NCF. The ProfileManagementProperties_nonContextFloating object
P_NCF is initialized with the context of the administrator running the
applet at step 2 of 916. At step 3 of 916, the
ProfileManagementProperties_nonContextFloating object P_NCF generates a
unique key for the profile manager applet by asking the Java
profileManagerObject object (passed as a parameter in the
enablePersistence call) for its fully qualified class name (i.e.,
profileManagerObject.getClass().getName()). This unique key, combined with
the administrator's context information, is mapped to specify a unique
location in the database 212 for the administrator's specific preference
information for the profile manager applet.

A request (922) is sent to the profile manager servlet 214 to get
the preference information tailored for the profile manager applet as
configured for the administrator. The request (922) includes the
appropriate context name and type and key information to identify the
appropriate preference information. The profile manager servlet 214
responds with the requested preference information (924), which is cached
in the ProfileManagementProperties_nonContextFloating object P_NCF. The
profile manager reads its preference information out of the
ProfileManagementProperties_nonContextFloating and updates itself
accordingly (i.e., sets its background colour to blue for example).

Operation continues at Fig. 10. The profile manager requests the
information about existing users, user groups, and software from the
profile manager servlet 214 and builds the tree in the left panel of the
profile manager's configuration window at 1002. See Figs. 13 through 24
for examples of the administrator's left panel. At this point 1004, the
administrator selects a desired context for configuring by clicking on a
user or group from the left panel tree. The profile manager sets the
context for ProfileManagementProperties objects by calling
P_NCF.setContext(selected context). See Fig. 13 for a selected context of
'User Groups', which refers to the group of all system users, or to Fig.
16, where a group context of 'Development' is selected, or to Fig. 21,
where a user context 'colleend' is selected. Next, at step 1006, the
administrator selects an applet to be configured from a list of all the
applets on the server. See Fig. 17 for an example of selecting an applet.
At step 1008, the administrator then clicks a Run/Customize button to run
the applet selected for configuration. This applet might be a separate
configuration applet for an end user applet, or it might be the end user
applet itself. The selected applet is requested and loaded from the
server at 1009 and 1011. At step 1010, the configuration applet object is
created and begins to execute and to generate its
ProfileManagementProperties object P.

If it is assumed that the applet is a separate configuration applet
for an end user applet, then at step 1012, the applet calls
p.enablePersistence(configAppletObject,
fullyQualifiedClassNameOfAppletBeingConfigured). On the other hand, if
the applet is a user applet, rather than a separate configuration applet,
the call would be p.enablePersistence(endUserAppletObject) since it wants
to configure its own preference information as opposed to the preference
information for another applet. The current Context is already known by
the ProfileManagementProperties object P since it was previously set by
the administrator via the administrator's
ProfileManagementProperties_nonContextFloating object PM_NCF. The location
of the profile manager servlet 214 was previously generated when
enablePersistence was called on the Profile Manager's
ProfileManagementProperties_nonContextFloating object PM_NCF. In the case
of a configuration applet, the unique key for the applet does not need to
be generated because it is passed by the configuration applet to the
ProfileManagementProperties object P in the enablePersistence call.

At step 1014, the configuration applet registers itself with its
ProfileManagementProperties object P as a context change listener. As
discussed earlier, this allows the applet's ProfileManagementProperties
object P to notify the applet if the administrator makes a context change
so that the applet can load the preference information for the new context
and update its Graphical User Interface to reflect the new configuration
information, without requiring that the applet be terminated and
relaunched in the new context.

Operation continues at Fig. 11. At step 1104, the configuration
applet tells the ProfileManagementProperties object P to load the
preferences from the current context for the applet being configured. A
request 1105 is sent to the profile manager servlet 214 to get the
preference information, tailored for the context previously selected by
the administrator, for the applet being configured. The request 1105
includes the appropriate context name (the context the administrator has
selected) and the context type (USER, USER_GROUP, or ALL_USERS_GROUP as
appropriate) and key information to specify the location of the
appropriate preference information. The profile manager servlet 214
responds with the requested preference information at 1106, which is
cached in the ProfileManagementProperties object P. The configuration
applet gets preferences from the ProfileManagementProperties object P and
updates its Graphical User Interface accordingly.

WO 99/57863    PCT/GB98/03866

The administrator configures the applet at 1107 and saves the
modified preferences, for example by clicking a SAVE button provided by
the applet. As a result of this operation, the configuration applet calls
the save() method on its ProfileManagementProperties object P. The
ProfileManagementProperties object P sends the preferences and the unique
key for the applet being configured and the information specifying the
current context to the profile manager servlet 214. The profile manager
servlet stores the preference information in the database 212 in the
location specified by the Context and the key.



Step 1108 is an example of the administrator now changing context,
while the configuration applet is still running. The administrator
selects a new context by clicking on a user or user group (see Fig. 18 for
examples of new contexts in the administrator's left screen panel). As a
result of the context change, profile manager 506 sends a set context
message to ProfileManagementProperties object P (510) by calling
P_NCF.setContext(selected new context), which in turn causes object P to
notify event listener 512 of the context change via the reload properties
API 515. This occurs at step 1110. At step 1112, the event listener 512
performs a load() call to retrieve the preferences for the new context and
the object P is updated with the new preferences at step 1118. The
administrator can now proceed to modify the new preferences for the new
context, if desired, and to save them if required, and then to proceed on
with a new context change if necessary as described above.

The remaining figures 12 through 24 show actual screen snapshots of
an administrator's workstation while running portions of the profile
manager 206.

The main configuration window 1200 is shown in Figure 12. The tree
view panel 1202 on the left of the window depicts profile management 1204
as one of several services available on the server. When this item 1204 is
selected as shown in Fig. 12, the right panel 1205 of the main window
displays a welcome message for the profile management service. Expand and
contract icons such as 1208 are used to control the appearance of
sub-items under an item in the left panel, if any exist. The [...] in 1208
is called an 'expand icon' and indicates that there are sub-items beneath
'Profile management'. The administrator can display these sub-items by
clicking on the expand icon 1208, which will then become a 'contract icon'
('-').

Fig. 13 illustrates an expansion of the Profile management item 1208
in Fig. 12, which results in the display of three default sub-items in
Fig. 13 - 'Applets' 1300, 'User Groups' 1302 and 'Users' 1304. Expansion
icons indicate that these items can also be expanded. 'Applets' 1300
allows the administrator to define the user applets available on server
202. 'User Groups' 1302 allows the administrator to create and populate
the user group tree of Fig. 3 and to set group preferences. 'Users' 1304
allows the administrator to create new users and to set their preferences
or to change preferences for existing users. In the example of Fig. 13
'Applets' 1300 is selected. When this item is selected, panel 1305 on the
right of the window displays a list 1306 of user applets that have already
been defined to the system. Attributes of the application that is
selected in 1306 are shown at 1308. The administrator defines a new
applet by selecting <NEW> in 1306 and entering the name and location
information requested in 1308. An existing applet 'Database Explorer' is
shown selected in 1306. At 1308, the 'Applet name' field displays this
applet name. The 'URL' (Universal Resource Locator) field displays the
intranet or internet web address of this applet on server 202. The field
'Complete path of html file' displays the directory path and file name of
the applet in the disk directory structure of server 202. The field
'Fully qualified class name' displays the fully qualified class name of
the applet. The field 'icon URL' displays a web address of the image file
used to generate an icon for the applet on a user's desktop. The remaining
fields are for optional information that may be required by the software
upon invocation. A command button 1310, 'Import Applet List from File',
allows the administrator to append definitions of applets to the existing
list 1306 from an existing text file. When button 1310 is clicked, the
window shown in Fig. 14 pops up and allows the administrator to enter the
path and file name of the text file containing the applet definitions to
be appended. To save all pending changes, the administrator clicks on
File 1312 and then Save (not shown).

In the left panel, the User Groups item 13 02 corresponds to the 
AllUsers group of Fig. 3 ('User Groups' and 'AllUsers' are used 
interchangeably herein) . Fig. 15 shows the right panel of the 
administrators stataon when the 'User Groups' item 1302 is selected. In 
Fig. 15, a notebook panel is displayed on the right that contains three 
tabs - a Members tab 1514, a Subgroups tab 1516 and an Applet Permissions 
tab 1518. The Members tab is selected in Fig. 15. The Members panel 
contains a list 1520 of the log-on identifications of all members that 
have been defined to the system. To create a new user (who will 
automatically gain membership into the presently selected group context - 
'User Group'), the administrator selects <NEW> from the list 1520, enters 
the appropriate information in the entry fields 1522 to the right of the 
list, and then clicks on the Create button ' 15 2\ 2 7 When an existing member 
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is selected from the list i^on *-v^ • 

. °' the attri butes previously saved for that 

user are displayed at 1522 Tho*^ * tor tnat 

^ attributes include the full name of tho 

selected member, the members «5vci-*m m the 

member s system ID, password and any desired 
comments. The attributes exr^m- m ^ ^ 

es ' except ID, may be edited and the chance* 
coated (but not s a v e a, by cllckln „ the Modify ^ 15M ^£ 

^ " m ° Vea „ fr °" ^ "™- ■»»«, by cliacin, the e button 

is ' ^^aroM 9 ,"" 96 ^ " mOVea ty Sel """* <- in :l 

list 1520 and clicking the Undo button 1528. 



the , I r ^ &dministrat -'- right panel that is displayed when 

the Subgroups tab 1516 is selected. Subgroup list 1620 shows existing 
groups that are subgroups of the item selected in the left panel, which is 
'User Group' in this example. Therefore, list 1620 displays all 
subgroups of the 'AllUsers' group. In the left panel, 'User Groups' is 
expanded. The subgroups shown in list 1620 are also the expanded items 
under 'User Groups' in the left panel. In list 1620, a status field shows the 
present status of each subgroup, such as '! delete', '! modify' and 
'! create'. An empty status field in list 1620 indicates that the subgroup 
exists and no actions are pending to be saved. The '!' symbol indicates 
that the status is pending (not yet saved). Attributes for the subgroup 
selected in list 1620 appear in 1622. These attributes include the 
subgroup name and desired comments about the subgroup. To create a new 
subgroup, the administrator selects <NEW> from list 1620, enters the 
subgroup name and desired comments, and clicks the Create button 
1628. An entry of '! create <subgroup name>' then appears in list 1620 
as a pending action. To save all pending changes, the administrator 
clicks the File button in the top menu bar and then Save (not shown). 

Fig. 17 shows the right panel that is displayed when the Applet 
Permissions tab 1518 is selected. List 1720 shows all names of all 
applets that have been defined to the system and the permission status 
(permit or deny access) that is assigned to each applet for the group or 
subgroup (the current 'context') that is selected in the left panel. 
As in the pages described, an exclamation point indicates that 
the status depicted is a change that is pending a Save. In Fig. 17 the 
group 'User Groups' is selected in the tree shown in the left panel, which 
is the 'AllUsers' group. Since all users of 
the system have membership in the 'User Groups' group, list 1720 shows the 
global default permissions for all system users for all applets defined to 
the system. For example, the default permission status for applet 
'Database Explorer' is 'permit' (meaning access is permitted) for the 
'AllUsers' group; similarly, the default permission status 
to applet TPTP is 'deny' (access is denied). The administrator can change 
the permission status of an applet by selecting it in list 1720 and 
clicking the 'Permit group access' button 1730 or the 'Deny group access' 
button 1732. Furthermore, regardless of an applet's permission status for 
the selected context, an administrator can select an applet from 1720 and 
click the 'Run/Customize' button 1734 to execute the user applet under the 
selected context. The panel region previously showing the notebook for 
the context then becomes occupied by the executing user applet. 

If the user applet happens to be a configuration applet for other 
software, the administrator can then save software preferences (through 
the configuration applet's unique facilities provided for this function) 
which will then be saved a 

— - — ifc own preferences 

rather than preferences for a separate piece of software. 

Fig. 18 shows the complete expansion of the administrator's left 
panel subgroup tree beneath 'User Groups'. Immediately beneath 'User 
Groups' there are two subgroups: 'Administrators', a default subgroup that 
cannot be removed, and 'IBM', a subgroup defined by the administrator. 
The 'IBM' subgroup has also been expanded and contains three subgroups, 
among them 'Software'. The 'Software' subgroup has been 
expanded and contains at least one subgroup called 'Development'. The 
ZTZZt subgroup contains at least one which 

rTo^;":r s n o s i: 

selected in the expansion tree. Since 'Development' is not at the top of 
the tree hierarchy (the 'All Users' group), the notebook shown in the 
right panel is somewhat different from that of Fig. 15 when 'User Groups' 
right panel automatically a member of 

was selected becaus a ^ ^ ^ displays ^ 

development a they ^ ^ uEer „ 

log-on system IDs ot an *y -Development' 
in list 1820 shows whether the user owns a membership in the 
'Development' subgroup. A status of 'yes' indicates that the user is a 
member of the 'Development' subgroup, 'no' indicates that the user is 
not a member of the 'Development' subgroup, and 'inherited' indicates 
that the user inherits membership within the 'Development' group by 
belonging to at least one of Development's subgroups further down the 
tree. A user's membership status for a subgroup is modified by the 
administrator by selecting the user in list 1820 and then clicking on the 
'Add to Group' button 1836 or 'Remove from group' button 1838. 

; cw the LZLl™ «o create a new syste. use, by seaectin, »EW » 

list 1820 and then clicking the 'Create' button. Similarly, the 
administrator can modify or delete an existing system user by selecting 
the appropriate user in list 1820 and clicking the appropriate button, 
'Modify' or 'Delete'. Users created at any subgroup context (e.g., 
'Development') not only gain the required membership but 
are automatically made members of the selected subgroup. Changes to 
system user li st are saved by clicking on . m .. J ^ ^^^^ 
the right panel and then clicking 'Save' (not shown) 



Fig. 20 shows a direct way to get to the system user list for 

Til' l?To\T\? T T the 9roup and sub9roup route *»™ * 

19. To get to Fig. 20, the administrator selects 'Users' 1304 in the left 
panel, for example. Then in the panel shown, 
the administrator can create new users and modify and delete existing 

already dis ™' ~ — - - —jvr:^ or 



In Fig. 21, the administrator wishes to work ^rorn,, ^ ■ * 
corresponding to a user whose ID is 'colleend' . To ao ^ ~ " £ °™"« 

lT*T tTa T ' U£SrS ' ln ^ lGft P3nel ° f 21 < 'or example, 

and then selects 'colleend', as shown. The right panel then appears 
which is devoted to colleend's system information. The right panel 
contains three tabs. The first tab 'User Information' is selected by 
default. In this tab, the administrator can modify the name, ID, password 
and comments pertaining to colleend. 

Fig. 22 shows the right panel when the administrator selects the 
second tab 'Group Memberships'. List 2220 shows all subgroups of which 
colleend is a member. The subgroups are shown in this list in the order 
of subgroup priority for colleend. The administrator can change 
colleend's subgroup priority by selecting a subgroup and using the up and 

Group Memberships- button 2242 in Fig. 22. the right panel then shows the 
contents of Fig. 23. The Fig. 23 right panel allows the administrator to 

does th V^ 01 ^ ° f WhiCh C ° lleend iS 3 ™ e administrator 

does this by clicking on an appropriate box corresponding to a desired 
subgroup. If the box is clear (meaning that colleend is not presently a 
member), then a check mark is added to the box to include colleend in the 
subgroup. Conversely, if a subgroup box is already checked, then clicking 
on the box clears the check mark and removes colleend from the subgroup. 

Fig. 24 shows the right panel when the Applet Permissions tab of 
Fig. 22 is selected by the administrator. In this right panel, list 2420 
shows all applets that are defined to the system. The administrator 
can permit access to an applet by selecting the applet in list 
2420 and then clicking the 'Permit user access' button 2430; or access 
can be denied to colleend by clicking the 'Deny user access' button 2432. 
The administrator can also launch an applet in the context of colleend by 
clicking the 'Run/Customize' button 2434. When this is done, the applet 
selected in list 2420 is launched in the right panel. The administrator 
can modify any preferences that the applet allows and save the 
preferences in the manner provided by the applet. 

A typical scenario here is for the administrator to select a group or user 
context and then to launch the user applet as described above. The 
administrator can then typically modify preferences from an options menu 
and save them in any manner provided by the user applet. For example, 
typically the user preferences are saved when the options dialogue is 

5 red! o; the user applet ,ay provide other methods of sav n, the 

^^^^rZ^ si up by the 
L nlstrator through the user applet are saved on the server as rf 
20 ZZTZ entered the. directly herself by running the applet. 

«* shown in the figures is a scenario whereby a user can „odi.y 
extent when the user applet executes on the user oes P 

,. ™rr= ™;;r;,:;:,:.... ■ 

context. 
1. In a network system comprising a network interconnecting a server 
and a plurality of user stations, a method of managing desktops on the 
user stations from the server, wherein the server stores a plurality of 
user applications for downloading to user stations, and further stores 
access permissions for the applications for each user, said method 
comprising steps of: 

receiving at the server a log-on request including a user identifier 
from a user station; 

using the identifier to build a list of applications for which the 
user has access permission; 

downloading to the station the list of applications for which the 
user has access permissions; and 






displaying on a portion of the desktop objects corresponding to each 
application in the list, said objects when selected by the user being 
operative to request a download of the corresponding application to the 
user station. 

2. The method of claim 1 further comprising steps of: 

using the user identifier to build an icon on the desktop that 
represents a user application specified by the user at an earlier time; 



for each user desktop icon specified by the user at an earlier time 
that corresponds to a user application, checking the access permission for 
the user to the user application; and 

omitting from the desktop any such user-specified icon corresponding 
to a user application to which the user does not have access permission. 

3. In a network system comprising a network interconnecting a server 
and a plurality of user stations, an apparatus for managing desktops on 
the user stations from the server, said apparatus comprising: 

means for receiving at the server a log-on request including a user 
identifier from a user station; 

means for using the identifier to build a list of applications for 
which the user has access permission; 

means for downloading to the station the list of applications for 
which the user has access permissions; and 

means for displaying on a portion of the desktop objects 
corresponding to each application in the list, said objects when selected 
by the user being operative to request a download of the corresponding 
application to the user station. 

4. A computer program product stored in a computer readable storage 
medium for, when run on a computer, carrying out in a network system 
comprising a network interconnecting a server and a plurality of user 
stations, a method of managing desktops on the user stations from the 
server, wherein the server stores a plurality of user applications for 
downloading to user stations, and further stores access permissions for 
the applications for each user, said method comprising steps of: 

receiving at the server a log-on request including a user identifier 
from a user station; 

using the identifier to build a list of applications for which the 
user has access permission; 

downloading to the station the list of applications for which the 
user has access permissions; and 

displaying on a portion of the desktop objects corresponding to each 
application in the list, said objects when selected by the user being 
operative to request a download of the corresponding application to the 
user station. 
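
The log-on filtering recited in claims 1 and 2, combined with the group and user permit/deny settings described for Figs. 17 and 24, as an added Python example (not code from the patent). The resolution order (per-user setting, then the user's subgroups in priority order walking up the tree, then the AllUsers default), the fail-closed handling of unknown IDs, and the names `bob`, `guest1` and `Compiler` are assumptions; the sample data is constructed.

```python
from dataclasses import dataclass

ALL_USERS = "AllUsers"  # root group; its permissions are the global defaults

@dataclass
class Directory:
    parent: dict       # subgroup -> parent group
    group_perm: dict   # (group, applet) -> "permit" | "deny"
    user_groups: dict  # user ID -> subgroups, highest priority first
    user_perm: dict    # (user ID, applet) -> "permit" | "deny"
    applets: list      # every applet defined to the system

    def effective(self, user, applet):
        """Resolve one applet for one user (resolution order is assumed)."""
        if (user, applet) in self.user_perm:          # 1. per-user setting
            return self.user_perm[(user, applet)]
        for group in self.user_groups.get(user, []):  # 2. subgroups by priority
            seen = set()
            while group and group != ALL_USERS and group not in seen:
                if (group, applet) in self.group_perm:
                    return self.group_perm[(group, applet)]
                seen.add(group)                       # guard against cycles
                group = self.parent.get(group)
        # 3. AllUsers default; an applet with no entry anywhere is denied
        return self.group_perm.get((ALL_USERS, applet), "deny")

    def logon_list(self, user):
        """Claim 1: applications the identified user may access."""
        if user not in self.user_groups:              # unknown ID: fail closed
            return []
        return [a for a in self.applets if self.effective(user, a) == "permit"]

    def desktop_icons(self, user, saved_icons):
        """Claim 2: omit user-specified icons for applets now denied."""
        allowed = set(self.logon_list(user))
        return [icon for icon in saved_icons if icon in allowed]

# Constructed sample data using group, applet and user names from the text.
DEMO = Directory(
    parent={"IBM": ALL_USERS, "Software": "IBM", "Development": "Software"},
    group_perm={(ALL_USERS, "Database Explorer"): "permit",
                (ALL_USERS, "TPTP"): "deny",
                ("Software", "TPTP"): "permit",
                ("Development", "Database Explorer"): "deny"},
    user_groups={"colleend": ["Development"], "bob": ["Development"], "guest1": []},
    user_perm={("colleend", "Database Explorer"): "permit"},
    applets=["Database Explorer", "TPTP", "Compiler"],
)
```

Because the list is computed on the server at log-on and saved icons are filtered against it, a permission revoked by the administrator takes effect at the user's next log-on even if the user placed the icon on the desktop earlier.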
[Figure residue: flow diagram with labels 1106 Preferences; Req preferences (Key, ..., Password); 1116 Preferences; 1118 Profile Mgm Properties object updates preferences; Done.]